Removing assignments from container vulnerable items and remediation tasks

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Removing assignments from container vulnerable items and remediation tasks

    This feature allows ServiceNow users to clear theAssigned toandAssignment groupfields on container vulnerable item (CVIT) and remediation task (CVUL) records when they are incorrectly assigned or outside the user's remediation scope. The unassign action can be performed directly from the respective records in both workspace and classic views, except when the records are in Closed or Resolved states.

    Show full answer Show less

    Users can optionally send requests to clear assignments for approval, ensuring controlled reassignment. When a CVUL assignment group is cleared after approval, all associated CVITs with the same assignment group are also unassigned automatically, except for CVITs manually assigned to different groups.

    Key Features

    • Unassign UI Action: Available on CVIT and CVUL records to remove assignments.
    • Approval Workflow: Triggered by default via the snvul.unassignvr.approvalrequired system property, creating a state change approval record routed to users with the snvulcontainer.unassignapprover role.
    • System Property Controls: Administrators can disable the approval process by setting snvul.unassignvr.approvalrequired to false.
    • Default Assignment Group Redirect: Using snvul.defaultassignmentgroup, cleared assignments can be redirected to a specified group for review, ensuring notifications and tasks reach the appropriate team.
    • Visibility of Unassigned Records: Updated records appear in the Unassigned module, facilitating tracking and management.

    Practical Implications for ServiceNow Customers

    This functionality empowers remediation owners and vulnerability administrators to maintain accurate and relevant assignments in container vulnerability response workflows, reducing noise from incorrectly assigned items and streamlining remediation efforts. The approval mechanism ensures governance and oversight during unassignment, while system properties allow customization of workflow and notification routing to fit organizational processes.

    By leveraging these capabilities, customers can efficiently manage assignment corrections, improve remediation task visibility, and ensure that vulnerability response efforts are properly aligned with responsible teams.

    You can clear the Assigned to and Assignment group fields on container vulnerable items directly from the container vulnerable item and remediation task records that you determine might be incorrectly assigned to you or your groups.

    Overview for the workflow

    If you determine that container vulnerable items (CVITs) and remediation tasks (CVULs) aren't within your scope for remediation, or if you think that records have been incorrectly assigned to you or to your groups, you can remove yourself or your groups from the Assigned to and Assignment group fields on CVIT and CVUL records.

    The unassign workflow is supported in workspace and both classic and workspace views for CVITs and CVULs.

    You have the option to send requests to clear the assignment fields for approval. See Approve or reject an unassign request in Vulnerability Response and Removing assignments from vulnerable items and remediation tasks for more information.

    • The Unassign UI action is displayed on CVIT and CVUL records in any state other than the Closed or Resolved.
      Note:
      After the request to clear the fields is approved for a CVUL, all the Assigned to and Assignment group fields on CVITs that have the same assignment group are unassigned. If any CVIT on a CVUL has a different assignment group than its associated CVUL, it is not unassigned. In most cases these CVITs have been manually assigned. See Container Vulnerability Response remediation tasks and task rules overview and Removing assignments from vulnerable items and remediation tasks for more information.
    • Any records that you update with either the UI action or manually are displayed on the Unassigned module for Container Vulnerability Response.

    See Remove assignments from vulnerable items and remediation tasks for more information about the steps for how to clear the assignment fields.

    System properties and approval notifications

    If a remediation owner selects Unassign on a record, by default, the sn_vul.unassign_vr.approval_required system property triggers the approval flow and creates a state change approval record in the Review state, and the request is routed for approval. The request is displayed on the My Approvals list for users with the sn_vul_container.unassign_approver.

    Note:
    As a vulnerability administrator [sn_vul.vulnerability_admin], you can set the sn_vul.unassign_vr.approval_required system property to false to disable the approval process.

    Additionally, you can change the value in the sn_vul.default_assignment_group system property so if the assignment fields are cleared, a specific group is assigned. For example, if a user clicks Unassign on a record and you want to redirect it to a specific group for review, you can add the system ID for the group of your choice in the value field of the system property.

    Note:
    If you change this value, notifications for all the VITs, AVITs, and CVITs that are unassigned are sent to the group you specify.